Title :
Staggered TESLA: a multicast authentication scheme resistant to DoS attacks
Author :
Li, Qing ; Trappe, Wade
Author_Institution :
Wireless Inf. Network Lab., Rutgers Univ., Piscataway, NJ, USA
fDate :
28 Nov.-2 Dec. 2005
Abstract :
Many techniques for multicast authentication employ the principle of delayed key disclosure. These methods introduce delay in the verification of authentication, employ receiver-side buffers, and consequently are susceptible to denial of service (DoS) attacks. This paper introduces a method to reduce the delay needed to filter forged multicast packets, and consequently mitigates the effects of DoS attacks. Specifically, this paper introduces suitable modifications to the popular multicast authentication scheme, TESLA, through the use of multiple, staggered authentication keys that are used in creating message authentication codes (MACs) for a multicast packet. We provide guidelines for determining the appropriate buffer size, and show that the use of multiple MACs allows the receiver to flush potentially forged packets quicker than in conventional TESLA. As a result, staggered TESLA provides an advantage against DoS attacks as it requires an adversary to attempt a DoS at a higher attack rate than is necessary in conventional TESLA.
Keywords :
buffer circuits; delays; message authentication; multicast communication; telecommunication security; telecommunication services; DoS attacks; authentication verification; delayed key disclosure; denial of service; message authentication codes; multicast authentication scheme; multicast packets; receiver-side buffers; staggered TESLA; Broadcasting; Computer crime; Cryptography; Delay effects; Filters; Guidelines; Laboratories; Message authentication; Multicast communication; Unicast;
Conference_Titel :
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Print_ISBN :
0-7803-9414-3
DOI :
10.1109/GLOCOM.2005.1577934
